Dangerous Files & Scanner Results

AndyManchesta

Here's a list of suspect files to keep away from. Hope it
may help some users. I will post the scanner results as a
reply to this.

Detections from MS.Antispyware & virusscan.jotti.org

----------------------------------------------------------
261937.exe =

Trojan.Downloader.Small.On
----------------------------------------------------------
ahreco.exe =

Trojan.Bispy / Adware.BetterInternet
----------------------------------------------------------
aurora.exe =

TR/Hijack.Ausos / Adware.BetterInternet
----------------------------------------------------------
bi_reco.exe =

Trojan.Downloader.Agent.AB/Adware/BetterInternet.fam
----------------------------------------------------------
Bolger.dll =

AdWare.BetterInternet / Transponder Bolger
----------------------------------------------------------
DashBugFreeSetup_new.exe=

eZula BugFree / Win32.Reboot tool in the file
----------------------------------------------------------
DashConnectSetup_new.exe=

eZula DashConnect / Win32.Reboot
----------------------------------------------------------
DashMemorySetup_new.exe=

eZula Dash Memory/Win32.Reboot / AdWare.EZula.o
----------------------------------------------------------
DashPCCleanerSetup_new.exe=

eZula Dash Pc Cleaner / Win32.Reboot / AdWare.EZula.o
----------------------------------------------------------
DashPopupKillerSetup_new.exe=

eZula Dash PopUp Killer / Win32.Reboot / AdWare.EZula.l
----------------------------------------------------------
DrPMon.dll=

Trojan.Win32.Agent.db / Trojan.Drpmon
----------------------------------------------------------
Duad.exe=

Trojan.Win32.Agent.ay / W32/Agent.MC / Trojan.Downloader
CallingHome.Biz.A
----------------------------------------------------------
live.exe =

W32/ParHltnDialer.A-tr / Dialer.Generic
----------------------------------------------------------
mwsetup.exe =

MalWhere download / Trojan.Downloader.Istbar-158
----------------------------------------------------------
mm_reco.exe=

Trojan.Spybi.GK / AdWare.BetterInternet
----------------------------------------------------------
Nail.exe=

Trojan.Nail / W32/Stervis.B@bd / Adware.BetterInternet
----------------------------------------------------------
Poller.exe=

Trojan.Startup Nameshifter BK / Trojan.Agent.Ay /
Adware.CallingHome
----------------------------------------------------------
QVGqtb_Setup.exe=

Adware.NewDotNet.B-2 / AdWare.ToolBar.Quick.b
----------------------------------------------------------
remall.exe=

Trojan-Downloader.Win32.Agent.ab / W32/Agent.J /
Adware/BetterInternet
----------------------------------------------------------
rndrcus.exe=

AdWare.BetterInternet.f / Adware/Abetterintrnt.DLDR
----------------------------------------------------------
sectorp.exe=

Trojan.Win32.Zonekiller.d
----------------------------------------------------------
SpeedRank_Setup.exe=

AdWare.WebHancer.351 / AdWare.WebHancer.290.1 /
AdWare.WebHancer.370
----------------------------------------------------------
Spy_Ferret.exe=

W32.Generic / Trojan.Downloader.Istbar-158
----------------------------------------------------------
SpySpotterWebInstall.exe=

SpySpotter / Win32/Adware.SpySpotter
----------------------------------------------------------
stmtreco.exe=

TR/Drop.Imiserv.D.2 / Trojan.DownLoader.2669 /
AdWare.BetterInternet.f
----------------------------------------------------------
ss_stopsign.exe=

StopSign Virus remover / W32/Wren.F@dl /
Trojan-Downloader.Win32.Wren.i
----------------------------------------------------------
svcproc.exe=

Trojan.Stervis.C / W32/Agent.NN / Generic.CZ
----------------------------------------------------------
systb.dll=

TR/Drop.Intexp.B / IE Plugin Spyware / Adware.ImiBar
----------------------------------------------------------
systb.exe=

TR/Imiserv.C & D / IE Plugin Spyware /
AdWare.ToolBar.ImiBar
----------------------------------------------------------
toolbar.exe=

Adware.Softomate / AdWare.ToolBar.Astabar.a
----------------------------------------------------------
tt_reco.exe=

Trojan.Revop / Trojan.Downloader.Inw / TR/Revop.C
----------------------------------------------------------
uacupg.exe=

Adware.Beti-1 / AdWare.BetterInternet
----------------------------------------------------------
uninstall6_76.exe=

AdWare.NewDotNet / NewDotNet.B
----------------------------------------------------------
vbouncerinner.exe=

Virtual Bouncer / AdWare.VirtualBouncer.j
----------------------------------------------------------
VirtualBouncerUninstaller.exe=

AdWare.VirtualBouncer.n / Tool.Win32.PrcView.3741
----------------------------------------------------------
VVSNI_Cast_webInst.exe=

WhenUSearch Adware / Adware.SaveNow / AdWare.SaveNow.bo
WeatherCast
----------------------------------------------------------
VVSNI_SaveNowSiteInst.exe=

WhenU.SaveNow Adware / Adware.SaveNow
----------------------------------------------------------
VVSNI_SearchBar_PopupBlockInst.exe=

WhenUSearch Adware / AdWare.SaveNow
----------------------------------------------------------
VVSNI_WHSE1204Inst.exe=

WhenUSearch Adware / Adware.SaveNow
 
AndyManchesta

Detection :

----------------------------------------------------------
Ewido: found 27 Files

Adware.BetterInternet = 11

(ahreco.exe, Bolger.dll, DrPMon.dll, mm_reco.exe, Nail.exe,
Poller.exe, rndrcus.exe, stmtreco.exe, svcproc.exe, uacupg.exe,
wupdsnff.exe)

TrojanDownloader.Small.on = 1 (261937.exe)

TrojanDownloader.Agent.ab = 2 (bi_reco.exe,remall.exe)

Trojan.Win32.Zonekiller = 1 (sectorp.exe)

Trojan.Agent.ay = 1 (Duad.exe)

Dialer.Generic = 1 (live.exe)

TrojanDownloader.Wren.i = 1 (ss_stopsign.exe)

Spyware.ImiBar = 1 (systb.dll)

Trojan.Imiserv.c = 1 (systb.exe)

TrojanDownloader.Intexp.c = 1 (wupdt.exe)

Spyware.Astabar = 1 (toolbar.exe)

Trojan.Revop.c = 1 (tt_reco.exe)

Adware.SaveNow = 4

(VVSNI_Cast_webInst.exe, VVSNI_SaveNowSiteInst.exe,
VVSNI_SearchBar_PopupBlockInst.exe, VVSNI_WHSE1204Inst.exe)

----------------------------------------------------------
SpySweeper Found 22 Files

IE Plugin = 3 (systb.dll,systb.exe,wupdt.exe)

BetterInternet = 14

(svcproc.exe, poller.exe, nail.exe, duad.exe, bolger.dll,
aurora.exe, uacupg.exe, drpmon.dll, stmtreco.exe, ahreco.exe,
rndrcus.exe, bi_reco.exe, remall.exe, wupdsnff.exe)

Twain-tech = 1 (tt_reco.exe)

Virtual Bouncer = 1 (vbouncerinner.exe)

WeatherCast = 1 (VVSNI_Cast_webInst.exe)

SaveNow/WhenUSave = 2

(VVSNI_SaveNowSiteInst.exe, VVSNI_SearchBar_PopupBlockInst.exe)
----------------------------------------------------------
Microsoft's Antispyware found 22 Files


Transponder Reco = 3 (ahreco.exe,mm_reco.exe,tt_reco.exe)

Transponder Bolger = 1 (Bolger.dll)

Transponder DrPmon = 1 (drpmon.dll)

Transponder Aurora = 2 (svcproc.exe,nail.exe)

Transponder Thinstaller = 1 (rndrcus.exe)

Transponder BetterInternet = 2 (stmtreco.exe,wupdsnff.exe)

Transponder Ceres = (uacupg.exe)

eZula Dash Connect = 1 (DashConnectSetup_new.exe)

eZula Dash Memory = 1 (DashMemorySetup_new.exe)

eZula Dash PC Cleaner = 1 (DashPCCleanerSetup_new.exe)

eZula Dash PopUp Killer = 1 (DashPopupKillerSetup_new.exe)

Trojan.Startup.Nameshifter.BK = 1 (poller.exe)

IE Plugin = 3 (systb.exe,systb.dll,wupdt.exe)

WhenU.WhenUSearch = 2

(VVSNI_Cast_webInst.exe,VVSNI_SearchBar_PopupBlockInst.exe)

WhenU.SaveNow = 1 (VVSNI_SaveNowSiteInst.exe)

----------------------------------------------------------
Adaware SE : Found 17 Files

VX2 = 12

(Bolger.dll, DrPMon.dll, mm_reco.exe, Nail.exe, Poller.exe,
remall.exe, rndrcus.exe, stmtreco.exe, svcproc.exe, tt_reco.exe,
uacupg.exe, wupdsnff.exe)

Win32.TrojanDownloader.Agent.Ay = 1 (Duad.exe)

ImIServer IEPlugin = 2 (systb.dll,systb.exe)

WhenU Object = 2

(VVSNI_Cast_webInst.exe,VVSNI_SearchBar_PopupBlockInst.exe)

----------------------------------------------------------
Trend Micro's Housecall: Found 8 Files

TSPY_DLOADER.DG = 1 (Duad.exe)

TROJ_NAIL.B = 1 (Nail.exe)

TROJ_AGENT.UD = 1 (poller.exe)

TROJ_WREN.G = 1 (ss_stopsign.exe)

TROJ_STERVIS.C = 1 (svcproc.exe)

TROJ_IMISERV.C = 1 (systb.dll)

TROJ_REVOP.F = 1 (tt_reco.exe)

ADW_SHOPNAV.D = (No Location Given,Checked for Srng.exe
but nothing found,False Positive)

----------------------------------------------------------
Trend Micro's Spyware Scan : Found 8 Files


Adware VX2 = 4(bi_reco.exe,Duad.exe,rndrcus.exe,systb.exe)

BHO BetterInternet = 2 (Bolger.dll,drpmon.dll)

Integrated Search Technologies/IST = 1 (remall.exe)

CoolWebSearch = 1 (systb.dll)
 
plun

Hi Andy

Great!

Did you run Spybot with latest defs?
Because according to Spybot's homepage,
abetterinternet should be within Spybot's defs.

2005-07-15
Hijacker
+ SearchForIt + TNS-Search
Malware
+ Abetterinternet (2) + Look2Me (2)
Spyware
+ eZula HotText + Targetsaver + GAIN.DashBar + WhenU.ClockSync +
VX2.ABetterInternet + IEPlugin
Trojan
+ Haxdoor-H

http://www.safer-networking.org/en/index.html
 
AndyManchesta

Hi Plun

Yeah, every scanner was run on the default setting with
latest definitions.

Not sure why Spybot S&D did so poorly, maybe it's because the
files are just saved and not executed. When I run some of
the files Spybot may then find the traces, as it might
just look in certain areas and not scan all files the
way the other removers do.

What I found interesting was how every remover called the
same files different names, some referring to them as
Trojans, then others Spyware/Adware. It makes it hard to
know what the right scanners are for these, so that's why I
wanted to test as many as I can to get an idea of what
these threats really were.

I don't think it will help many users but may help MS to
see their remover is in the top 3, especially where these
files are concerned anyway. Plus the only file that was
default to ignore out of the list was WhenU.SaveNow, the
rest set to remove, so that's also good to see.

Andy
 
AndyManchesta

Hey Plun

Good link, I see Eric's as busy as ever. Some of the
Hijack This Experts getting involved as well, which is
good.

It has to be Aurora and CWS at the top of the list in any
order. Aurora is getting easier to deal with now though
because it's been around for a while, but it's a pain if you
don't know all the steps as it's a never-ending cycle: it's
gone, no it's back, it's gone, oh no it's back again, and on it
goes, but it's fun trying to keep up with them.

I'm sure it won't be long before they change the infection
and then everyone will be back to testing again to find
ways to kill it, but for now it's more of a pain than a
problem, and thanks to experts like RaCooper, Swandog,
Miekiemoes and all the rest it's now getting easier to
deal with each time it comes up.

Andy
 